Report: Apple hacked in "sophisticated" attack

Apple has joined a laundry list of high-profile companies that have announced cyber intrusions in recent weeks.

The computing giant told news agency Reuters on Tuesday that a "small number" of its employees' Mac laptops were compromised by malware, although it is not aware of any data that had been exfiltrated.

Still, Apple termed the attack "sophisticated" and said the adversaries behind it were the same ones who breached Facebook, which announced Friday evening that its systems were compromised after a "handful" of workers visited an infected website belonging to a mobile developer.

“The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops,” according to a post from the Facebook Security Team. “The laptops were fully patched and running up to date anti-virus software.”

Facebook said the computers were hit with a then-unpatched Java exploit. It wasn't until Feb. 1 that the vulnerability, among dozens of others, was patched by Oracle, which maintains Java software.

“As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected,” Facebook said. “We plan to continue collaborating on this incident through an informal working group and other means.”

According to the Reuters story, Apple believes the same hackers are responsible for both incidents. If that's the case, it would seem that the Facebook employees were also using Macs when the malware was served.

Sean Sullivan, a security adviser at Finnish anti-virus company F-Secure, said similar attacks could have easily struck other tech companies that lacked the capabilities to detect a breach before saboteurs made off with data.

"There are hundreds, if not millions, of mobile apps in the world," he wrote in a Tuesday blog post. "How many of the apps' developers do you think have visited a mobile developer website recently? With a Mac and a very false sense of security?"

Apple and Facebook join Twitter, The New York Times, The Wall Street Journal and The Washington Post as big-name corporations that announced breaches in the last two weeks. SCMagazine.com could not independently confirm the breach at Apple as a spokesperson did not immediately respond to a request for comment.

UPDATE: Steven Adair, a researcher at the intelligence-gathering Shadowserver Foundation, said the malicious command-and-control domains are now pointing to the volunteer group. More victims are likely to emerge.

"Shadowserver has collaborated with Facebook to sinkhole malicious hostnames related to some of the recently announced activity," he told SCMagazine.com in an email. "These efforts have revealed a number of other victim organizations, which Shadowserver and Facebook have been jointly working to notify."
